Daniel Lowrey
b3b709f1fc
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Prevent implicit function declaration when TLSEXT unavailable
2014-02-25 19:12:49 -07:00
Daniel Lowrey
2bc0dbab44
Prevent implicit function declaration when TLSEXT unavailable
2014-02-25 19:12:33 -07:00
Daniel Lowrey
33914b5166
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Remove test case invalidated by openssl.cafile accessibility change
Tolerate non-standard newlines when parsing stream CA files
Remove openssl tests that shouldn't have survived last merge
Add openssl.cafile ini check when loading cainfo
Change openssl directives to PHP_INI_PERDIR
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
2014-02-25 13:27:10 -07:00
Daniel Lowrey
bab017ddfd
Remove test case invalidated by openssl.cafile accessibility change
2014-02-25 13:02:13 -07:00
Daniel Lowrey
bd95716b8e
Merge branch 'windowsPeerVerification' of https://github.com/DaveRandom/php-src into PHP-5.6
...
* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
Update openssl tests with new server/client test harness
Add peer certificate verification on windows
2014-02-25 12:43:52 -07:00
Daniel Lowrey
f8fe09dcef
Tolerate non-standard newlines when parsing stream CA files
2014-02-25 09:59:13 -07:00
Daniel Lowrey
a4c7ab8399
Remove openssl tests that shouldn't have survived last merge
...
These are .phpt files I meant to remove with the last batch as
the same functionality is now covered in other tests and these
are no longer needed.
2014-02-25 09:59:13 -07:00
Daniel Lowrey
47b5873c5d
Change openssl directives to PHP_INI_PERDIR
...
Because openssl.cafile and openssl.capath have implications for
security these directives have been changed to PHP_INI_PERDIR
(previously PHP_INI_ALL)
2014-02-25 09:59:13 -07:00
Chris Wright
d6fb7b8f2e
Update openssl tests with new server/client test harness
2014-02-25 16:51:50 +00:00
Chris Wright
480e4f8541
Add peer certificate verification on windows
...
Peer certificate verification on Windows using the native certificate store and the Windows API
2014-02-25 16:51:49 +00:00
Anatol Belski
38d02db86d
Merge branch 'PHP-5.6'
...
* PHP-5.6:
fix linkage
More openssl UPGRADING updates
Fix build against older OpenSSL libs
Update NEWS/UPGRADING with openssl additions
2014-02-21 23:14:48 +01:00
Anatol Belski
5b6ef90bc0
fix linkage
...
"extern inline" looks like a tricky case for portability, but extern
is required with VS. So reduce the case to a standard one to avoid
unportability.
2014-02-21 23:09:16 +01:00
Daniel Lowrey
a27db7d2da
Fix build against older OpenSSL libs
2014-02-21 13:01:04 -07:00
Daniel Lowrey
c3d76441d5
Fix build against older OpenSSL libs
2014-02-21 12:16:23 -07:00
Daniel Lowrey
1268bd6045
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 09:15:53 -07:00
Daniel Lowrey
5389d0963c
Merge branch 'reneg-limit' of https://github.com/rdlowrey/php-src into PHP-5.6
...
* 'reneg-limit' of https://github.com/rdlowrey/php-src:
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 09:13:55 -07:00
Daniel Lowrey
b6edbd5897
Mitigate client-initiated SSL renegotiation DoS
2014-02-21 06:31:56 -07:00
Anatol Belski
04a10be9db
Merge branch 'PHP-5.6'
...
* PHP-5.6:
C89 compat
2014-02-21 11:24:18 +01:00
Anatol Belski
f51555ca58
C89 compat
2014-02-21 11:23:42 +01:00
Daniel Lowrey
86d9235de5
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Improve OpenSSL compile flag compatibility, minor updates
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
Improve server forward secrecy, refactor client SNI
Add 'honor_cipher_order' server context option
Add 'capture_session_meta' context option
Disable TLS compression by default in both clients and servers
Release ssl buffers
Add openssl_get_cert_locations() function
Explicitly set cert verify depth if not specified
Strengthen default cipher list
2014-02-20 17:46:54 -07:00
Daniel Lowrey
9f94e0b51c
Improve OpenSSL compile flag compatibility, minor updates
2014-02-20 17:23:34 -07:00
Daniel Lowrey
3a9829af20
Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
2014-02-20 17:10:06 -07:00
Daniel Lowrey
d0c9207cff
Improve server forward secrecy, refactor client SNI
2014-02-20 17:10:06 -07:00
Daniel Lowrey
742fc5fb35
Add 'honor_cipher_order' server context option
2014-02-20 17:10:06 -07:00
Daniel Lowrey
081c8e9d92
Add 'capture_session_meta' context option
2014-02-20 17:10:06 -07:00
Daniel Lowrey
b98b093d73
Disable TLS compression by default in both clients and servers
2014-02-20 17:10:06 -07:00
Daniel Lowrey
b9ba011c0f
Release ssl buffers
2014-02-20 17:10:06 -07:00
Daniel Lowrey
df6bfe3be2
Add openssl_get_cert_locations() function
2014-02-20 17:10:06 -07:00
Daniel Lowrey
258d04df5c
Explicitly set cert verify depth if not specified
2014-02-20 17:10:06 -07:00
Daniel Lowrey
225f534b1a
Strengthen default cipher list
2014-02-20 17:10:06 -07:00
Daniel Lowrey
af318419ad
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Add tests for Bug #65538
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-19 04:19:30 -07:00
Daniel Lowrey
e272225e2a
Merge branch 'bug-65538' of https://github.com/rdlowrey/php-src into PHP-5.6
...
* 'bug-65538' of https://github.com/rdlowrey/php-src:
Add tests for Bug #65538
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-19 04:17:33 -07:00
Daniel Lowrey
4c1baa8263
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Skip failing tests when EC unavailable (RHEL)
2014-02-19 04:03:16 -07:00
Daniel Lowrey
d9036d14f7
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Skip failing tests when EC unavailable (RHEL)
2014-02-19 04:01:57 -07:00
Daniel Lowrey
a7d3606650
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Skip failing tests when EC unavailable (RHEL)
Conflicts:
ext/openssl/openssl.c
2014-02-19 04:01:08 -07:00
Daniel Lowrey
633f898f15
Skip failing tests when EC unavailable (RHEL)
2014-02-19 03:57:37 -07:00
Daniel Lowrey
491d492ada
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fixed broken build when EC unavailable
2014-02-17 19:39:43 -05:00
Daniel Lowrey
4e4d319e62
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed broken build when EC unavailable
2014-02-17 19:38:49 -05:00
Daniel Lowrey
bd9aa181dc
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed broken build when EC unavailable
2014-02-17 19:38:30 -05:00
Daniel Lowrey
a80cec1190
Fixed broken build when EC unavailable
2014-02-17 18:55:39 -05:00
Daniel Lowrey
2a83295b14
Add tests for Bug #65538
2014-02-16 09:20:43 -07:00
Daniel Lowrey
c7220dc6c5
Fix Bug #65538 (cafile now supports stream wrappers)
2014-02-16 08:47:37 -07:00
Daniel Lowrey
1b4af87af4
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:24:04 -07:00
Daniel Lowrey
b60cb2b88a
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:20:01 -07:00
Daniel Lowrey
65adb74984
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:15:24 -07:00
mk-j
19524fc6fe
Fix for bug66501 - "key type not supported in this PHP build"
2014-02-14 18:11:46 -07:00
Daniel Lowrey
89292d95ad
Add missing TSRMLS_CC
2014-02-14 17:27:29 -07:00
Daniel Lowrey
8562b8c163
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Bug #47030 (separate host and peer verification)
2014-02-14 15:40:36 -07:00
Daniel Lowrey
ce8dc0ede2
Bug #47030 (separate host and peer verification)
2014-02-14 15:17:30 -07:00
Daniel Lowrey
a5551b73db
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fix test broken if openssl is compiled without sslv2
2014-02-14 13:39:53 -07:00
Daniel Lowrey
f073588e75
Fix test broken if openssl is compiled without sslv2
2014-02-14 13:39:02 -07:00
Daniel Lowrey
4921c1f0ce
Fix segfault accessing context when no context assigned
...
Conflicts:
ext/openssl/xp_ssl.c
2014-02-14 10:33:43 -07:00
Daniel Lowrey
8582353700
Fix segfault accessing context when no context assigned
2014-02-14 10:24:08 -07:00
Daniel Lowrey
6c1cdd0814
Merge branch 'PHP-5.6'
...
* PHP-5.6:
Fixed SNI failure from missing Z_STRVAL_PP
2014-02-04 19:13:50 -07:00
Daniel Lowrey
99fa59054d
Fixed SNI failure from missing Z_STRVAL_PP
2014-02-04 19:11:56 -07:00
Daniel Lowrey
0893a13e32
Remove #if PHP_VERSION_ID version checks
2014-02-01 08:13:53 -07:00
Daniel Lowrey
05c309f2d8
Remove #if PHP_VERSION_ID version checks
2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533
Use master-agnostic zend_is_true checks
2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1
Fixed build breakage from b4b4d9697f
2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f
Verify peers by default in client socket operations
2014-01-28 10:05:56 -07:00
Daniel Lowrey
68883318aa
Prevent invalid SAN peer verification on null byte prefix attack
2014-01-27 14:51:22 -07:00
Xinchen Hui
0f53e37494
Merge branch 'PHP-5.6'
2014-01-03 11:09:07 +08:00
Xinchen Hui
c081ce628f
Bump year
2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772
Bump year
2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
Kalle Sommer Nielsen
d14670ccdb
Eliminate another TSRMLS_FETCH() in i_zend_is_true()
...
# Affected extensions have all been updated, ext/opcache and ext/zip
# both have macros for cross version compatibility
2013-12-18 07:25:05 +01:00
Anatol Belski
39a2dcdeac
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fixed bug #65486 mysqli_poll() is broken on Win x64
2013-12-12 10:46:21 +01:00
Anatol Belski
da62fd5ed8
Fixed bug #65486 mysqli_poll() is broken on Win x64
...
While this issue is visible in mysqli_poll() functions, the cause
lies deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's a 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.
Furthermore, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
2013-12-12 10:17:01 +01:00
Anatol Belski
e9efc16660
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix dir separator in cve-2013-6420 test
2013-12-11 13:33:37 +01:00
Anatol Belski
b6bcae5c10
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
fix dir separator in cve-2013-6420 test
2013-12-11 13:33:16 +01:00
Anatol Belski
ff89066b3d
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
fix dir separator in cve-2013-6420 test
2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd
fix dir separator in cve-2013-6420 test
2013-12-11 13:31:29 +01:00
Stanislav Malyshev
293984ac33
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:36:06 -08:00
Stanislav Malyshev
41cd533298
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:35:26 -08:00
Stanislav Malyshev
71daf3229b
Merge branch 'PHP-5.3' into PHP-5.4
...
* PHP-5.3:
5.3.29-dev
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
Conflicts:
configure.in
main/php_version.h
2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7
Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
2013-12-10 11:03:49 -08:00
Michael Wallner
c86862cb3c
Merge branch 'openssl_compile_warning_fix' of https://github.com/bukka/php-src
...
* 'openssl_compile_warning_fix' of https://github.com/bukka/php-src:
Fix compiler warnings in openssl.c
2013-10-18 12:03:02 +02:00
Michael Wallner
b95f9fa0aa
previous revert killed that file
2013-10-17 15:32:18 +02:00
Michael Wallner
3f2fba4c34
Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src
...
* 'updated_tls_support' of https://github.com/rdlowrey/php-src:
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Revert "TLS news"
Revert "Added support for TLSv1.1 and TLSv1.2"
2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524
Revert "Added support for TLSv1.1 and TLSv1.2"
...
This reverts commit 2aaa3d538a.
2013-10-17 15:20:38 +02:00
Michael Wallner
ad0a85b9e2
fix ws
2013-10-17 15:09:28 +02:00
Michael Wallner
5a7ca69e56
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Added support for TLSv1.1 and TLSv1.2
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a
Added support for TLSv1.1 and TLSv1.2
...
Conflicts:
ext/openssl/xp_ssl.c
2013-10-17 14:49:44 +02:00
Jakub Zelenka
c092d286fc
Fix compiler warnings in openssl.c
2013-10-13 15:52:39 +01:00
Daniel Lowrey
9d57243794
Fixes broken zts build (recent openssl changes)
2013-10-12 22:28:15 +02:00
Michael Wallner
e2d123a720
C89
2013-10-09 17:16:25 +02:00
Michael Wallner
c85c50e35c
Merge branch 'san_peer_matching' of https://github.com/rdlowrey/php-src
...
* 'san_peer_matching' of https://github.com/rdlowrey/php-src:
Changed return types to zend_bool, renamed test
Added SAN matching during peer verification
2013-10-09 17:09:03 +02:00
Daniel Lowrey
a40dd6e963
Changed return types to zend_bool, renamed test
2013-10-09 09:55:36 -04:00
Michael Wallner
302b9d4e5c
Merge branch 'PHP-5.5'
...
* PHP-5.5:
C89 compatibility
2013-10-09 12:30:51 +02:00
Michael Wallner
3b3c57e79e
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
C89 compatibility
2013-10-09 12:30:42 +02:00
Michael Wallner
22700890d4
C89 compatibility
2013-10-09 12:30:31 +02:00
Michael Wallner
29d5ff75d5
Merge branch 'PHP-5.5'
...
* PHP-5.5:
Fixed segfault when built with OpenSSL >= 1.0.1
fixing a minor typo in CODING_STANDARDS document
FIX BUG #65219 - Typo correction
FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
2013-10-09 09:18:29 +02:00
Michael Wallner
36fb4ed968
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed segfault when built with OpenSSL >= 1.0.1
fixing a minor typo in CODING_STANDARDS document
FIX BUG #65219 - Typo correction
FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
2013-10-09 09:17:48 +02:00
Daniel Lowrey
b026993a74
Fixed segfault when built with OpenSSL >= 1.0.1
...
(PR #481)
2013-10-09 09:17:25 +02:00
Daniel Lowrey
2ddefbd2b3
Added support for TLSv1.1 and TLSv1.2
2013-10-08 14:09:17 -04:00
Daniel Lowrey
1970b96443
Added SAN matching during peer verification
2013-10-08 12:37:44 -04:00
Michael Wallner
ea0578e223
Merge branch 'ssl-streams-crypto-method' of https://github.com/mj/php-src
...
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
Add unit test that covers setting the crypto method.
Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
2013-10-08 16:10:00 +02:00
Michael Wallner
8300ced2f7
Merge branch 'bug65729' of https://github.com/datibbaw/php-src
...
* 'bug65729' of https://github.com/datibbaw/php-src:
DNS name comparison is now case insensitive.
Use zend_bool as return value for _match()
Added two more test cases for CN matching.
yay, reduced one variable
Fixed bug that would lead to out of bounds memory access
added better wildcard matching for CN
2013-10-08 15:58:28 +02:00
datibbaw
6106896440
DNS name comparison is now case insensitive.
2013-10-08 10:07:54 +08:00